secretive: Secrets disappeared and can't create new ones

I started Secretive today, and:

  • My secrets are gone
  • I can’t create a new one

It seems like both issues are caused by the same issue: Secretive can’t access the Security Server.

Secretive/CreateSecretView.swift:54: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed:  / Interaction is not allowed with the Security Server.) UserInfo={numberOfErrorsDeep=0, NSDescription=failed to generate asymmetric keypair}

OS: macOS Monterey 12.1 Hardware: M1 Air

Crash report below, I don’t believe I’ve left any PII in this…

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Secretive [6377]
Path:                  /Applications/Secretive.app/Contents/MacOS/Secretive
Identifier:            com.maxgoedjen.Secretive.Host
Version:               2.2.0 (1.1857237470)
Code Type:             ARM-64 (Native)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2022-04-19 10:34:13.4327 +1200
OS Version:            macOS 12.1 (21C52)
Report Version:        12
Anonymous UUID:        <redacted>

Sleep/Wake UUID:       <redacted>

Time Awake Since Boot: 5400 seconds
Time Since Wake:       5340 seconds

System Integrity Protection: enabled

Notes:
thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port
thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port
thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BREAKPOINT (SIGTRAP)
Exception Codes:       0x0000000000000001, 0x0000000198f74818
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 5 Trace/BPT trap: 5
Terminating Process:   exc handler [6377]

Application Specific Information:
Performing @selector(didPressButton:) from sender <redacted>SwiftUIAppKitButton <redacted>
Secretive/CreateSecretView.swift:54: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed:  / Interaction is not allowed with the Security Server.) UserInfo={numberOfErrorsDeep=0, NSDescription=failed to generate asymmetric keypair}


Error Formulating Crash Report:
thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port
thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port
thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port

Kernel Triage:
VM - pmap_enter failed with resource shortage
VM - pmap_enter failed with resource shortage
VM - pmap_enter failed with resource shortage
VM - pmap_enter failed with resource shortage
VM - pmap_enter failed with resource shortage


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libswiftCore.dylib            	       0x198f74818 _assertionFailure(_:_:file:line:flags:) + 308
1   libswiftCore.dylib            	       0x198f74818 _assertionFailure(_:_:file:line:flags:) + 308
2   libswiftCore.dylib            	       0x198fdbb1c swift_unexpectedError + 564
3   Secretive                     	       0x1049ed84c CreateSecretView.save() + 320
4   Secretive                     	       0x1049edaf4 partial apply for implicit closure #2 in implicit closure #1 in closure #2 in closure #1 in CreateSecretView.body.getter + 32
5   SwiftUI                       	       0x1b0fbbcd4 implicit closure #2 in implicit closure #1 in AppKitButtonStyle.Content.body(environment:) + 28
6   SwiftUI                       	       0x1b0fc0f38 SwiftUIAppKitButton.didPressButton(_:) + 56
7   SwiftUI                       	       0x1b0fc0f9c @objc SwiftUIAppKitButton.didPressButton(_:) + 56
8   AppKit                        	       0x18ed350c0 -[NSApplication(NSResponder) sendAction:to:from:] + 456
9   AppKit                        	       0x18ed34ec0 -[NSControl sendAction:to:] + 96
10  AppKit                        	       0x18ed34dc8 __26-[NSCell _sendActionFrom:]_block_invoke + 152
11  AppKit                        	       0x18ed34cbc -[NSCell _sendActionFrom:] + 196
12  AppKit                        	       0x18ed34be8 -[NSButtonCell _sendActionFrom:] + 104
13  AppKit                        	       0x18ed31a28 NSControlTrackMouse + 1720
14  AppKit                        	       0x18ed31344 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 160
15  AppKit                        	       0x18ed311b8 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 740
16  AppKit                        	       0x18ed30420 -[NSControl mouseDown:] + 636
17  AppKit                        	       0x18ed2e874 -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 4524
18  AppKit                        	       0x18eca1ce4 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 2444
19  AppKit                        	       0x18eca10ec -[NSWindow(NSEventRouting) sendEvent:] + 348
20  AppKit                        	       0x18eca0050 -[NSApplication(NSEvent) sendEvent:] + 2776
21  AppKit                        	       0x18ef5859c -[NSApplication _handleEvent:] + 76
22  AppKit                        	       0x18eb215cc -[NSApplication run] + 636
23  AppKit                        	       0x18eaf2c78 NSApplicationMain + 1064
24  SwiftUI                       	       0x1b0a01c9c specialized runApp(_:) + 148
25  SwiftUI                       	       0x1b152ba54 runApp<A>(_:) + 260
26  SwiftUI                       	       0x1b0fbb66c static App.main() + 128
27  Secretive                     	       0x1049d5a5c main + 160
28  dyld                          	       0x104dd90f4 start + 520

Thread 1::  Dispatch queue: la_client
0   libsystem_kernel.dylib        	       0x18bed75d8 __getdirentries64 + 8
1   libsystem_c.dylib             	       0x18be27728 _readdir_unlocked + 208
2   libsystem_c.dylib             	       0x18be2781c readdir + 44
3   CoreFoundation                	       0x18bf71044 _CFIterateDirectory + 148
4   CoreFoundation                	       0x18bf707ec _CFBundleGetBundleVersionForURL + 416
5   CoreFoundation                	       0x18c07fd24 _CFBundleCreate + 508
6   Foundation                    	       0x18ce537d8 -[NSBundle _cfBundle] + 76
7   Foundation                    	       0x18ce79610 -[NSBundle localizedStringForKey:value:table:] + 44
8   SharedUtils                   	       0x19e8259e8 +[LAErrorHelper localizedStringForError:] + 1212
9   SharedUtils                   	       0x19e821b90 +[LAErrorHelper errorWithCode:message:moreInfo:] + 136
10  LocalAuthentication           	       0x19e8097fc -[LAClient _serializedInvalidateWithMessage:] + 108
11  LocalAuthentication           	       0x19e809770 __34-[LAClient invalidateWithMessage:]_block_invoke + 48
12  libdispatch.dylib             	       0x18bd50e60 _dispatch_call_block_and_release + 32
13  libdispatch.dylib             	       0x18bd52bac _dispatch_client_callout + 20
14  libdispatch.dylib             	       0x18bd5a330 _dispatch_lane_serial_drain + 672
15  libdispatch.dylib             	       0x18bd5aed8 _dispatch_lane_invoke + 444
16  libdispatch.dylib             	       0x18bd65708 _dispatch_workloop_worker_thread + 656
17  libsystem_pthread.dylib       	       0x18bf0d304 _pthread_wqthread + 288
18  libsystem_pthread.dylib       	       0x18bf0c018 start_wqthread + 8

Thread 2:
0   libsystem_pthread.dylib       	       0x18bf0c010 start_wqthread + 0

Thread 3:
0   libsystem_pthread.dylib       	       0x18bf0c010 start_wqthread + 0

Thread 4:
0   libsystem_pthread.dylib       	       0x18bf0c010 start_wqthread + 0

Thread 5:: com.apple.NSEventThread
0   libsystem_kernel.dylib        	       0x18bed5954 mach_msg_trap + 8
1   libsystem_kernel.dylib        	       0x18bed5d00 mach_msg + 76
2   CoreFoundation                	       0x18bfdced8 __CFRunLoopServiceMachPort + 372
3   CoreFoundation                	       0x18bfdb390 __CFRunLoopRun + 1212
4   CoreFoundation                	       0x18bfda734 CFRunLoopRunSpecific + 600
5   AppKit                        	       0x18ec9dc90 _NSEventThread + 196
6   libsystem_pthread.dylib       	       0x18bf11240 _pthread_start + 148
7   libsystem_pthread.dylib       	       0x18bf0c024 thread_start + 8

Thread 6:
0   libsystem_pthread.dylib       	       0x18bf0c010 start_wqthread + 0


No thread state (register information) available

Binary Images:
       0x198f3a000 -        0x19938cfff libswiftCore.dylib (*) <6923cdbf-7ae0-3339-9767-eccef4909653> /usr/lib/swift/libswiftCore.dylib
       0x1049d0000 -        0x104a2ffff com.maxgoedjen.Secretive.Host (2.2.0) <141c43cb-5925-33f0-89be-bf208399e9d7> /Applications/Secretive.app/Contents/MacOS/Secretive
       0x1b096f000 -        0x1b1956fff com.apple.SwiftUI (3.2.5) <12a9ab77-4f51-355a-b663-11234d47f911> /System/Library/Frameworks/SwiftUI.framework/Versions/A/SwiftUI
       0x18eaef000 -        0x18f9a2fff com.apple.AppKit (6.9) <a8bbc643-113d-310f-96b6-77a973bf2dba> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
       0x104dd4000 -        0x104e33fff dyld (*) <7e92b284-4b90-3b68-b31a-3ddc4c0e8d40> /usr/lib/dyld
       0x18bed4000 -        0x18bf09fff libsystem_kernel.dylib (*) <c8b3081a-5081-3a99-bbe3-01413de444c6> /usr/lib/system/libsystem_kernel.dylib
       0x18bdd5000 -        0x18be55fff libsystem_c.dylib (*) <00fc01c7-36bc-3193-86a3-5c03046b45fb> /usr/lib/system/libsystem_c.dylib
       0x18bf58000 -        0x18c49bfff com.apple.CoreFoundation (6.9) <f5ea9592-4ef9-3d35-b23d-5c21283acc52> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
       0x18ce4c000 -        0x18d239fff com.apple.Foundation (6.9) <cd7cdf11-986e-3754-8011-e628c3be8380> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
       0x19e81e000 -        0x19e856fff com.apple.CoreAuthentication.SharedUtils (1.0) <0d91fc7d-d25f-34f3-9e55-2548fa622f28> /System/Library/Frameworks/LocalAuthentication.framework/Support/SharedUtils.framework/Versions/A/SharedUtils
       0x19e804000 -        0x19e81dfff com.apple.LocalAuthentication (1.0) <1b0b50fa-53c9-3027-a59f-9f9255cfc064> /System/Library/Frameworks/LocalAuthentication.framework/Versions/A/LocalAuthentication
       0x18bd4f000 -        0x18bd95fff libdispatch.dylib (*) <3a9e9a1e-72b6-3f66-aa17-d955384c1a39> /usr/lib/system/libdispatch.dylib
       0x18bf0a000 -        0x18bf16fff libsystem_pthread.dylib (*) <ed328b18-eeef-3b15-8858-798b19b0c2cd> /usr/lib/system/libsystem_pthread.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)
Writable regions: Total=1.6G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=1.6G(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Accelerate framework               768K        6 
Activity Tracing                   256K        1 
CG backing stores                 3520K        8 
CG image                           960K       10 
ColorSync                          592K       28 
CoreAnimation                      832K       33 
CoreGraphics                        48K        3 
CoreUI image data                  928K       12 
Foundation                          48K        2 
Kernel Alloc Once                   32K        1 
MALLOC                           282.7M       64 
MALLOC guard page                  288K       15 
MALLOC_MEDIUM (reserved)         960.0M        8         reserved VM address space (unallocated)
MALLOC_NANO (reserved)           384.0M        1         reserved VM address space (unallocated)
SQLite page cache                  192K        3 
STACK GUARD                       56.1M        7 
Stack                             11.2M        7 
VM_ALLOCATE                        1.0G       19 
__AUTH                            2425K      268 
__AUTH_CONST                      18.1M      448 
__DATA                            11.7M      433 
__DATA_CONST                      15.4M      453 
__DATA_DIRTY                      1545K      172 
__FONT_DATA                          4K        1 
__LINKEDIT                       576.9M        4 
__OBJC_CONST                      2617K      218 
__OBJC_RO                         82.0M        1 
__OBJC_RW                         3104K        1 
__TEXT                           431.4M      470 
__UNICODE                          588K        1 
dyld private memory               1024K        1 
libnetwork                         128K        8 
mapped file                      180.9M       36 
shared memory                      960K       17 
===========                     =======  ======= 
TOTAL                              4.0G     2760 
TOTAL, minus reserved VM space     2.6G     2760 

About this issue

  • Original URL
  • State: open
  • Created 2 years ago
  • Comments: 32 (14 by maintainers)

Most upvoted comments

Ok, upon further investigation, it seems that the issue is triggered by trying to use the key with the laptop locked?

Here’s some information about the system:

% uname -a
Darwin ... 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:54:51 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T6030 arm64 arm Darwin

Reproducing steps:

  1. Confirm that everything is working:
% ssh -l git -T github.com
Hi fsouza! You've successfully authenticated, but GitHub does not provide shell access.
  1. “Schedule” the ssh command and lock the computer before it starts:
% sleep 30 && ssh -l git -T github.com
  1. Unlock the computer, confirm that ssh -T failed as expected.
% sleep 30 && ssh -l git -T github.com
sign_and_send_pubkey: signing failed for ECDSA "ecdsa-sha2-nistp256" from agent: agent refused operation
git@github.com: Permission denied (publickey).

Again, this failure is expected as the Secure Enclave is not available while the computer is locked, but now that the computer is unlocked, ssh -T still doesn’t work:

% ssh -l git -T github.com
sign_and_send_pubkey: signing failed for ECDSA "ecdsa-sha2-nistp256" from agent: agent refused operation
git@github.com: Permission denied (publickey).

Checking Secretive, no secrets are listed:

image

If I restart the agent, secrets are still not available. They only come back after I restart the computer. If I try to add a new secret, Secretive crashes just like reported by the OP. Crash report: https://gist.github.com/fsouza/675c9ddc54f8e57393f9890bb269280b

I can reliably reproduce the issue with the steps listed above. I haven’t found a way to recover from this state besides rebooting, so I haven’t done this more than a couple of times heh

I realize that the Secure Enclave is not available while the computer is locked, but is there anything that can be done to prevent Secretive from getting stuck in the bad state? Or a more effective way to reset it that doesn’t require rebooting the machine? Maybe some way to force unlock the Keychain used by Secretive? (via a special user signal maybe? Or some initialization check that would allow it to unlock when I restart the agent)

my location (and timezone). I assume this is not relevant as other folks in my organization have gone through the same process and don’t get into this state. Including it for completeness. the monitor it connects to. I don’t think this can be an issue, but I’m listing it for completeness. the keyboard it connects to (it used to connect with an apple external keyboard with touch id, but not anymore, and therefore I’m no longer using touch id)

The keyboard might be relevant there? But probably mostly to the extent of “unlocking it with password, not Touch ID.” I’ll try that, I think I’ve been unlocking with TID every time so far.

So it seems that with the laptop closed and no touchid-enabled device, the Enclave never unlocks once it’s been locked? (probably because touch ID is effectively disabled?). Is this expected? Like, is Touch ID a requirement and I just missed that? 🙈 If that’s the case, I apologize for wasting your time 😭

That definitely shouldn’t be the case. You can definitely use it on non-TID Macs (I personally used it on a Mac mini with non-TID keyboard before the M1 MBPs came out)

Here it is 😉 Using Secretive Version 2.2.0 (1.1857237470) Screenshot 2022-06-22 at 14 45 17

I only have one secret in secretive and it doesn’t appear here

Mainly I’d want to be stepping through https://github.com/maxgoedjen/secretive/blob/main/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift#L228 and https://github.com/maxgoedjen/secretive/blob/main/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift#L36 and also keeping an eye on the console to see if there’s anything interesting.

I got lucky and can now reproduce the issue again lol I’m not sure what changed, my laptop “soft-crashed” (keyboard and mouse stopped responding, screen went dark, but sound was still on), then I manually restarted it and when it came back, I could repro the issue again: if I unlock with the password, secrets are not available, if I use Touch ID, everything is fine.

I stepped through creation and retrieval of secrets. I’ll poke around the code a bit with help from AI™, but I’m posting an update here just in case the error is obvious to anyone reading this message.

First, creating a new secret fails with the following error:

Secretive/CreateSecretView.swift:48: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed:  / Interaction is not allowed with the Security Server.) UserInfo={numberOfErrorsDeep=0, NSDescription=failed to generate asymmetric keypair}

That error is thrown here: https://github.com/maxgoedjen/secretive/blob/c7983bbf33d2111d85eac8ae6b5cdbb643ef97bb/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift#L65-L67

loadSecrets doesn’t throw any errors, it returns from this guard: https://github.com/maxgoedjen/secretive/blob/c7983bbf33d2111d85eac8ae6b5cdbb643ef97bb/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift#L239

Because publicUntyped is nil.

Hm, having trouble reproducing it here. I can repro the “locked machine failed the request” bit but on unlock and retry it works fine.

%  sleep 30 && ssh -l git -T github.com
sign_and_send_pubkey: signing failed for ECDSA "ecdsa-sha2-nistp256" from agent: agent refused operation
git@github.com: Permission denied (publickey).
 % ssh -l git -T github.com            
Hi maxgoedjen! You've successfully authenticated, but GitHub does not provide shell access.

I see from your crash report you’re on the same OS as me (14.2, at time of writing). I’ve tried locking while connected to external screen, while in standalone laptop, and closing lid. Any other detail I could be missing?

Heya I got this working again after some combination of reboots and OS upgrades.

@sminnee 👋 hey just checking in on this one, still happening?